diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-21 02:41:09 -0500 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-02-25 01:04:17 -0500 |
| commit | e5b56454e09a45ea6206d5253f78042c4e63f7d4 (patch) | |
| tree | 328b3ffb23791bb57533ceb8ab165498d61708d1 /net/ipv4 | |
| parent | 827789cbd7f0ca070cd8c8623580c4152c28fea5 (diff) | |
ah4: Use the IPsec protocol multiplexer API
Switch ah4 to use the new IPsec protocol multiplexer.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/ah4.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index 54b965ddcb19..a2afa89513a0 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
| @@ -428,7 +428,7 @@ out: | |||
| 428 | return err; | 428 | return err; |
| 429 | } | 429 | } |
| 430 | 430 | ||
| 431 | static void ah4_err(struct sk_buff *skb, u32 info) | 431 | static int ah4_err(struct sk_buff *skb, u32 info) |
| 432 | { | 432 | { |
| 433 | struct net *net = dev_net(skb->dev); | 433 | struct net *net = dev_net(skb->dev); |
| 434 | const struct iphdr *iph = (const struct iphdr *)skb->data; | 434 | const struct iphdr *iph = (const struct iphdr *)skb->data; |
| @@ -438,23 +438,25 @@ static void ah4_err(struct sk_buff *skb, u32 info) | |||
| 438 | switch (icmp_hdr(skb)->type) { | 438 | switch (icmp_hdr(skb)->type) { |
| 439 | case ICMP_DEST_UNREACH: | 439 | case ICMP_DEST_UNREACH: |
| 440 | if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) | 440 | if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) |
| 441 | return; | 441 | return 0; |
| 442 | case ICMP_REDIRECT: | 442 | case ICMP_REDIRECT: |
| 443 | break; | 443 | break; |
| 444 | default: | 444 | default: |
| 445 | return; | 445 | return 0; |
| 446 | } | 446 | } |
| 447 | 447 | ||
| 448 | x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr, | 448 | x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr, |
| 449 | ah->spi, IPPROTO_AH, AF_INET); | 449 | ah->spi, IPPROTO_AH, AF_INET); |
| 450 | if (!x) | 450 | if (!x) |
| 451 | return; | 451 | return 0; |
| 452 | 452 | ||
| 453 | if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) | 453 | if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) |
| 454 | ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0); | 454 | ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0); |
| 455 | else | 455 | else |
| 456 | ipv4_redirect(skb, net, 0, 0, IPPROTO_AH, 0); | 456 | ipv4_redirect(skb, net, 0, 0, IPPROTO_AH, 0); |
| 457 | xfrm_state_put(x); | 457 | xfrm_state_put(x); |
| 458 | |||
| 459 | return 0; | ||
| 458 | } | 460 | } |
| 459 | 461 | ||
| 460 | static int ah_init_state(struct xfrm_state *x) | 462 | static int ah_init_state(struct xfrm_state *x) |
| @@ -536,6 +538,10 @@ static void ah_destroy(struct xfrm_state *x) | |||
| 536 | kfree(ahp); | 538 | kfree(ahp); |
| 537 | } | 539 | } |
| 538 | 540 | ||
| 541 | static int ah4_rcv_cb(struct sk_buff *skb, int err) | ||
| 542 | { | ||
| 543 | return 0; | ||
| 544 | } | ||
| 539 | 545 | ||
| 540 | static const struct xfrm_type ah_type = | 546 | static const struct xfrm_type ah_type = |
| 541 | { | 547 | { |
| @@ -549,11 +555,12 @@ static const struct xfrm_type ah_type = | |||
| 549 | .output = ah_output | 555 | .output = ah_output |
| 550 | }; | 556 | }; |
| 551 | 557 | ||
| 552 | static const struct net_protocol ah4_protocol = { | 558 | static struct xfrm4_protocol ah4_protocol = { |
| 553 | .handler = xfrm4_rcv, | 559 | .handler = xfrm4_rcv, |
| 560 | .input_handler = xfrm_input, | ||
| 561 | .cb_handler = ah4_rcv_cb, | ||
| 554 | .err_handler = ah4_err, | 562 | .err_handler = ah4_err, |
| 555 | .no_policy = 1, | 563 | .priority = 0, |
| 556 | .netns_ok = 1, | ||
| 557 | }; | 564 | }; |
| 558 | 565 | ||
| 559 | static int __init ah4_init(void) | 566 | static int __init ah4_init(void) |
| @@ -562,7 +569,7 @@ static int __init ah4_init(void) | |||
| 562 | pr_info("%s: can't add xfrm type\n", __func__); | 569 | pr_info("%s: can't add xfrm type\n", __func__); |
| 563 | return -EAGAIN; | 570 | return -EAGAIN; |
| 564 | } | 571 | } |
| 565 | if (inet_add_protocol(&ah4_protocol, IPPROTO_AH) < 0) { | 572 | if (xfrm4_protocol_register(&ah4_protocol, IPPROTO_AH) < 0) { |
| 566 | pr_info("%s: can't add protocol\n", __func__); | 573 | pr_info("%s: can't add protocol\n", __func__); |
| 567 | xfrm_unregister_type(&ah_type, AF_INET); | 574 | xfrm_unregister_type(&ah_type, AF_INET); |
| 568 | return -EAGAIN; | 575 | return -EAGAIN; |
| @@ -572,7 +579,7 @@ static int __init ah4_init(void) | |||
| 572 | 579 | ||
| 573 | static void __exit ah4_fini(void) | 580 | static void __exit ah4_fini(void) |
| 574 | { | 581 | { |
| 575 | if (inet_del_protocol(&ah4_protocol, IPPROTO_AH) < 0) | 582 | if (xfrm4_protocol_deregister(&ah4_protocol, IPPROTO_AH) < 0) |
| 576 | pr_info("%s: can't remove protocol\n", __func__); | 583 | pr_info("%s: can't remove protocol\n", __func__); |
| 577 | if (xfrm_unregister_type(&ah_type, AF_INET) < 0) | 584 | if (xfrm_unregister_type(&ah_type, AF_INET) < 0) |
| 578 | pr_info("%s: can't remove xfrm type\n", __func__); | 585 | pr_info("%s: can't remove xfrm type\n", __func__); |